###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/10/13 ~ 2025/10/17 1.重大弱點漏洞/後門/Exploit/Zero Day 思科交換器SNMP弱點遭到利用，駭客以此部署Rootkit程式 https://www.ithome.com.tw/news/171737 Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks https://thehackernews.com/2025/10/hackers-deploy-linux-rootkits-via-cisco.html Juniper修補網路設備作業系統逾200個資安漏洞 https://www.securityweek.com/juniper-networks-patches-critical-junos-space-vulnerabilities/ F5遭到國家級駭客攻擊，部分BIG-IP弱點資料、原始碼外流 https://www.ithome.com.tw/news/171715 F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion https://thehackernews.com/2025/10/f5-breach-exposes-big-ip-source-code.html 針對GoAnywhere零時差漏洞攻擊事故，Fortra公布事件發生經過 https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html 哈佛大學發生資料外洩事故，傳出因ERP系統Oracle EBS零時差漏洞而釀禍 https://www.ithome.com.tw/news/171651 Oracle EBS 再爆高危險漏洞 CVE-2025-61884　允許未授權存取敏感資料 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12331 Google公布企業Oracle EBS系統遭駭調查報告，濫用的漏洞可能不只CVE-2025-61882 https://www.ithome.com.tw/news/171625 Oracle Critical Patch Updates and Security Alerts https://www.oracle.com/security-alerts Oracle Security Alert CVE-2025-61884 for E-Business Suite https://www.oracle.com/security-alerts/alert-cve-2025-61884 Oracle修補的EBS新漏洞CVE-2025-61884，傳出已遭ShinyHunters利用 https://www.bleepingcomputer.com/news/security/oracles-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/ New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html SAP修補NetWeaver、列印服務、供應鏈關係管理平臺重大漏洞 https://www.ithome.com.tw/news/171699 New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html 微軟發布10月例行更新，修補6個零時差漏洞，半數已被用於實際攻擊 https://www.ithome.com.tw/news/171696 微軟端點防護平臺誤將SQL Server 2017、2019標示為不再受到支援 https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-mistakenly-flags-sql-server-as-end-of-life/ Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack https://thehackernews.com/2025/10/cisa-flags-adobe-aem-flaw-with-perfect.html Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html Western Digital修補My Cloud NAS重大漏洞，駭客可未經驗證遠端執行任意指令 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12317 針對8月例行更新Adobe修補的AEM重大漏洞，CISA指出已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/cisa-maximum-severity-adobe-flaw-now-exploited-in-attacks/ Veeam備份系統存在近滿分漏洞，攻擊者可用於發動RCE攻擊 https://securityonline.info/critical-rce-flaws-cve-2025-48983-cve-2025-48984-cvss-9-9-found-in-veeam-backup-replication/ Veeam揭露備份軟體重大風險，須更新至12.3.2.4165版修補漏洞 https://www.ithome.com.tw/news/171731 身分識別及管理平臺OneLogin存在漏洞，攻擊者可透過API金鑰竊取OpenID Connect機密、冒充應用程式 https://www.ithome.com.tw/news/171530 GitHub Copilot存在弱點，攻擊者可透過CamoLeak手法洩露資料 https://www.darkreading.com/application-security/github-copilot-camoleak-ai-attack-exfils-data 2.銀行/金融/保險/證券/金融監理 新聞及資安 即時通訊軟體WhatsApp遭濫用，金融木馬意圖藉此挾持受害電腦 https://gbhackers.com/banking-malware/ Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html 銀行資安審查 納入外資背景 https://udn.com/news/story/7239/9075454 兆豐銀強化資安防護 引入AI與零信任架構 https://udn.com/news/story/7239/9077329 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Visa推可信代理協定，以HTTP簽章串接身分與支付流程 https://www.ithome.com.tw/news/171704 LINE Pay與inline 簽署MOU　攜手打造跨界服務生態圈 https://www.cardu.com.tw/mpay/detail.php?59338 手機搭車延期！何時可以用iPhone搭台北捷運 https://www.cw.com.tw/article/5133855 台北捷運2026年啟用QR Code與信用卡感應進站！最快7月支援Apple Pay https://www.sogi.com.tw/articles/digitallife/6266776 飛日本「行動支付沒關1功能」超危險！出國慘捲詐騙　警察也示警 https://www.nownews.com/news/6741647 出國只用信用卡？行動支付在日韓、小額市場強勢挑戰 https://vip.udn.com/vip/story/122864/9049049 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 從資安到合規：台灣金融業安全導入穩定幣與鏈上結算的必經之路 https://www.ctee.com.tw/news/20250918700139-439901 TigerJack散布多款VS Code與OpenVSX惡意外掛，竊碼挖礦還能遠端操控 https://www.ithome.com.tw/news/171727 比特幣 11 萬美元，加密 VC 卻快沒了 https://www.blocktempo.com/bitcoin-11-million-usd-crypto-vc-dying/ Binance理財、一鍵買幣、閃兌、槓桿將上線ZEROBASE（ZBT） https://m.cnyes.com/news/id/6196285 史上最大150億加密貨幣沒收案背後，20 萬比特幣地址恐外洩！被點名錢包回應了 https://abmedia.io/doj-crypto-wallet-private-key-bitcoin OpenSea正尋求轉型成為加密貨幣交易聚合器 https://m.cnyes.com/news/id/6196273 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體「卡特爾聯盟」成形　朝日啤酒遭攻擊損失恐達 3.35 億美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12321 三大勒索軟體集團LockBit、DragonForce與Qilin結盟 https://www.ithome.com.tw/news/171615 微軟揭露專門鎖定Teams用戶而來的勒索軟體Rhysida攻擊 https://www.bleepingcomputer.com/news/microsoft/microsoft-disrupts-ransomware-attacks-targeting-teams-users/ 勒索軟體BlackSuit濫用外流VPN帳密入侵企業組織 https://gbhackers.com/blacksuit-ransomware-breaches-corporate-network/ 濫用Windows工作排程，駭客從事攻擊行動Operation Silk Lure，意圖散布惡意程式ValleyRAT https://gbhackers.com/operation-silk-lure/ 開源工具Nezha遭中國駭客濫用，臺灣有22臺系統受害，攻擊者可藉此在網站植入後門Ghost RAT https://www.ithome.com.tw/news/171635 只要250份投毒樣本，就能在LLM預訓練植入後門觸發亂碼 https://www.ithome.com.tw/news/171676 Rust惡意軟體ChaosBot運用Discord頻道控制受害電腦 https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html 中國駭客UTA0388濫用大型語言模型從事網釣活動，意圖散布惡意程式GoverShell https://thehackernews.com/2025/10/from-healthkick-to-govershell-evolution.html LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets https://thehackernews.com/2025/10/linkpro-linux-rootkit-uses-ebpf-to-hide.html Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites https://thehackernews.com/2025/10/hackers-abuse-blockchain-smart.html North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts https://thehackernews.com/2025/10/north-korean-hackers-use-etherhiding-to.html Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers https://thehackernews.com/2025/10/stealit-malware-abuses-nodejs-single.html Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors https://thehackernews.com/2025/10/researchers-warn-rondodox-botnet-is.html 微軟限縮Edge的相容模式，透露駭客已濫用IE零時差漏洞控制受害裝置 https://www.ithome.com.tw/news/171717 Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 隱私通訊軟體Signal協定升級三棘輪演算法，更能抵禦量子攻擊 https://www.ithome.com.tw/news/171524 安卓惡意軟體ClayRat鎖定俄羅斯而來 https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia 側通道攻擊Pixnapping鎖定Google、三星裝置，免權限竊取螢幕內容 https://www.ithome.com.tw/news/171698 蘋果擴大漏洞懸賞規模因應間諜攻擊活動，零點擊RCE漏洞加碼至200萬美元 https://www.bleepingcomputer.com/news/security/apple-now-offers-2-million-for-zero-click-rce-vulnerabilities/ New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions https://thehackernews.com/2025/10/new-pixnapping-android-flaw-lets-rogue.html ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More https://thehackernews.com/2025/10/threatsday-bulletin-15b-crypto-bust.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 中央廣播電臺網站橫幅遭置換，檢警二度搜索，涉案員工意圖國慶日再度犯案 https://www.ithome.com.tw/news/171671 美國律師事務所Williams & Connolly遭駭，中國駭客疑透過零時差漏洞得逞 https://www.securityweek.com/chinese-hackers-breached-law-firm-williams-connolly-via-zero-day/ 美國起訴殺豬騙局詐騙集團，打算沒收150億美元比特幣 https://www.ithome.com.tw/news/171707 駭客組織Crimson Collective聲稱入侵遊戲主機製造商任天堂，後續影響有待觀察 https://x.com/H4ckmanac/status/1976895206273220758 汽車零件製造商東陽遭勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181849&SPOKE_DATE=20251015&COMPANY_ID=1319 生技業者葡萄王發重訊，透露子公司葡眾遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=152101&SPOKE_DATE=20251016&COMPANY_ID=1707 Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html 中國駭客Flax Typhoon將地理資訊平臺元件ArcGIS充當後門，埋伏受害組織超過一年 https://www.ithome.com.tw/news/171705 Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 SonicWall 資料外洩影響擴大：從 5% 暴增至 100% 雲端備份用戶全受害 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12330 防火牆業者SonicWall完成被駭調查，確認雲端備份客戶全數受影響 https://www.ithome.com.tw/news/171634 駭客開始公布Qantas澳洲航空乘客資料 https://www.ithome.com.tw/news/171632 輔大醫院個資外洩疑雲調查結果出爐，涉案治療師遭解雇 https://www.ithome.com.tw/news/171679 Salesforce 明確拒付贖金　駭客威脅公開 39 家企業近 10 億筆資料 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12322 服飾品牌Mango行銷系統遭駭，客戶資料外洩 https://www.ithome.com.tw/news/171708 美國警方破獲洩露Salesforce用戶資料的駭客論壇網站 https://www.ithome.com.tw/news/171629 Crimson Collective鎖定企業AWS雲端環境竊取機密，並進行勒索 https://www.ithome.com.tw/news/171626 針對防火牆雲端組態備份服務遭駭，逾100個SSL VPN帳號受影響 https://thehackernews.com/2025/10/experts-warn-of-widespread-sonicwall.html 組態配置不當的Elasticsearch存放1.12 TB資料，洩露逾60億筆記錄 https://hackread.com/elasticsearch-leak-6-billion-record-scraping-breaches/ 駭客組織Storm-2657鎖定美國大學而來，存取人力資源平臺洗劫員工薪水 https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html 175個惡意NPM套件被用於網釣，駭客意圖竊取帳密 https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html 175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html E.研究報告/工具 Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk https://thehackernews.com/2025/10/why-unmonitored-javascript-is-your.html Moving Beyond Awareness: How Threat Hunting Builds Readiness https://thehackernews.com/2025/10/moving-beyond-awareness-how-threat.html RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html What AI Reveals About Web Applications— and Why It Matters https://thehackernews.com/2025/10/what-ai-reveals-about-web-applications.html How Attackers Bypass Synced Passkeys https://thehackernews.com/2025/10/how-attackers-bypass-synced-passkeys.html Beware the Hidden Costs of Pen Testing https://thehackernews.com/2025/10/beware-hidden-costs-of-pen-testing.html Identity Security: Your First and Last Line of Defense https://thehackernews.com/2025/10/identity-security-your-first-and-last.html F.商業 從禁止到管理：Forrester AEGIS 框架重新定義 AI 代理程式安全策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12315 微軟正式終止支援Windows 10 https://www.ithome.com.tw/news/171640 Windows 11添增Hey Copilot功能，將Copilot Vison部署至全球市場 https://www.ithome.com.tw/news/171740 LevelBlue收購資安公司Cybereason https://www.ithome.com.tw/news/171745 由Nvidia與微軟等業者組成的財團將以400億美元買下Aligned Data Centers，創全球規模最大資料中心交易 https://www.ithome.com.tw/news/171734 The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart https://thehackernews.com/2025/10/the-ai-soc-stack-of-2026-what-sets-top.html Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform https://thehackernews.com/2025/10/architectures-risks-and-adoption-how-to.html G.政府 環境部成立環境資訊科技司，要以AI提升行政作業效率及加強環境治理 https://www.ithome.com.tw/news/171729 央廣駭客案掀資安疑慮　內政部揭內情：每天被攻擊5萬次「0成功」 https://today.line.me/tw/v3/article/EX2mwz2?view=topic&referral=legislaturetw 數發部14項「韌性科技」成果曝光，建構AI永續新臺灣 https://www.thehubnews.net/archives/558090 街口個資外洩引發疑慮 連資通安全署都被冒名行詐 https://reurl.cc/MzqmoX H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 18萬台工控設備暴露於網路，關鍵基礎設施面臨重大威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12329 DDoS殭屍網路Aisuru鎖定位於美國ISP的物聯網裝置 https://www.ithome.com.tw/news/171719 DDoS殭屍網路Aisuru創30 Tbps流量紀錄，大量物聯網設備存在於美國ISP網路而難以因應 https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/ 殭屍網路RondoDox鎖定56種資安漏洞，攻擊逾30種連網裝置 https://www.bleepingcomputer.com/news/security/rondodox-botnet-targets-56-n-day-flaws-in-worldwide-attacks/ 殭屍網路RondoDox擴大感染規模，鎖定56種資安漏洞，攻擊逾30個廠牌的連網裝置 https://www.ithome.com.tw/news/171726 跨國大型殭屍網路綁架十萬裝置，鎖定美國RDP服務而來，不到一週攻擊規模翻倍 https://www.ithome.com.tw/news/171728 後門程式PolarEdge鎖定多廠牌路由器而來，思科、威聯通、群暉設備皆被針對 https://securityonline.info/sekoia-exposes-polaredge-backdoor-custom-mbedtls-c2-compromising-cisco-qnap-and-synology-devices/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 #141 Speaker: Mark Louie F. Ramos, PhD, Health Policy and Admin, Penn State 2025/10/18 https://www.meetup.com/r-user-group-philippines/events/307873713/ Bridging Models, Prompts, and Agents: The Future of AI Apps in Azure AI Foundry 2025/10/18 https://www.meetup.com/cloud-experts-group/events/311125226/ Scrum Bricks Workshop｜積木 Scrum 體驗營 2025/10/18 https://www.accupass.com/event/2508311255041428913730 AI 破浪者論壇︱駕馭未來職場新賽局－新北有課 UKO X Yourator 2025/10/18 https://www.accupass.com/event/2508181019567712755010 資安講座：網站不再被DDOS，就等這一場 2025/10/21 https://www.accupass.com/event/2508290706271662815486 Elastic Security 攻防解析：AI 時代的威脅獵捕新戰法 2025/10/22 https://www.accupass.com/event/2509160743349781667840 趨勢科技一日遊 2025/10/22 https://hackersir.kktix.cc/events/2fc3c79e 從RED-DA到CRA 產品資安合規攻略 2025/10/23 https://www.accupass.com/event/2509090956311767741406 [On-Line] AWS Global Community Gatherings #12 2025/10/24 https://www.meetup.com/awsglobalcommunitygatherings/events/310622465/ AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730